Cloud security in the era of WikiLeaks

Salesforce helped pioneer the practice of putting confidential organizational data in a "public cloud" system. Other key vendors offering public cloud data services include Microsoft Azure and Amazon S3. "Cloud" has come to mean many things to many people when it comes to moving internal office functions onto the Internet. The word "public" is important to understand. It means that all customers' data--every corporate and nonprofit user--lives in one shared database and application run by the vendor, rather than on servers dedicated to you. This is a reassurance more than a drawback: in a public cloud web service the vendor concentrates its security attention on one system, top to bottom, instead of spreading it across thousands of separately configured installations.

Public Clouds and the Apartment Building Analogy

The data system in a public cloud is "multi-tenant"--tenant as in a big apartment building. Even more than in a condo development, an apartment building provides uniform infrastructure support shared across all residents. Tenants in a well-run building can still personalize a unit yet off-load almost all concerns for maintenance and infrastructure. Salesforce, for example, manages its 100,000 customer accounts with something like 20,000 servers, spread across multiple data centers worldwide. A typical hosted website may be secured by the hosting provider, yet it resides in one physical place at a time. In a public cloud system, your data is never just on one server in one data center. There is immense redundancy and optimization, so you never need to think about where things are stored or where the next page view is coming from. Likewise, you don't have to think about doing a back-up; it just happens. One caveat: the vendor's redundancy protects against hardware and site failure, not against one of your own administrators deleting records or an attacker using a stolen password, so a periodic export of your own data is still worth scheduling.

While it still strikes many as risky to use a public cloud service for storing confidential donor or client lists, we all trust public cloud environments daily. When you use GMail, Google Docs, Facebook, Flickr or Twitter, you trust your data to a public cloud. In each of these, your data, personal or organizational, sits with everyone else's in one place. For that matter, specialized email manager services like Constant Contact, on-line donation systems and Basecamp are also public clouds of sorts. Though you only see your own projects, Basecamp or Central Desktop project information sits in the same database as thousands of other customers'.

In a cloud environment, everyone logs into one place. Once logged in, you are directed into a compartmentalized set of functions and data and can never see anyone else's. Your user name (the email address you log in with) and password control who gets into your account; the separation between your data and your neighbors' is enforced by the vendor's application code, which ties your organization's identity to every request and every database query. It is up to the vendor to make sure other people's data doesn't leak through to your account, and because it is a single boundary, it is one they can test thoroughly. What the vendor gains, again, is the ability to manage all security and performance issues in one place.
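The isolation described above comes down to one rule in the vendor's code: every query is filtered by the tenant bound to the logged-in session, never by a record id alone. The following is an added example written for this page, not code from the original post or from any vendor named in it; the table, tenant names and contact rows are constructed sample data, and the `session` dictionary stands in for whatever the application stores server-side at login. It shows the leaky form beside the scoped form.

```python
"""Tenant isolation in a shared ("multi-tenant") database.

Added example, not code from the original post or from any vendor named in it.
The schema, tenant names and contact rows are constructed sample data.
"""
import sqlite3

# Constructed sample data: two customer organizations share one table.
SEED_ROWS = [
    # (id, tenant_id, name, email)
    (1, "org-a", "Alice Donor", "alice@example.org"),
    (2, "org-a", "Amir Donor", "amir@example.org"),
    (3, "org-b", "Bea Client", "bea@example.net"),
]


def build_db():
    """Create an in-memory database holding both tenants' records side by side."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE contacts (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, "
        "name TEXT NOT NULL, email TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO contacts VALUES (?, ?, ?, ?)", SEED_ROWS)
    return conn


def get_contact_unscoped(conn, contact_id):
    """VULNERABLE: looks a record up by id alone. Any logged-in user who
    guesses or increments an id reads another tenant's row (an insecure
    direct object reference)."""
    return conn.execute(
        "SELECT id, tenant_id, name, email FROM contacts WHERE id = ?",
        (contact_id,),
    ).fetchone()


def get_contact(conn, session, contact_id):
    """HARDENED: every query is filtered by the tenant bound to the server-side
    session. The tenant id never comes from the request, so a user cannot
    widen the filter by editing a parameter."""
    return conn.execute(
        "SELECT id, tenant_id, name, email FROM contacts "
        "WHERE id = ? AND tenant_id = ?",
        (contact_id, session["tenant_id"]),
    ).fetchone()


def list_contacts(conn, session):
    """Listing is scoped the same way: no query path exists that omits tenant_id."""
    return conn.execute(
        "SELECT id, name FROM contacts WHERE tenant_id = ? ORDER BY id",
        (session["tenant_id"],),
    ).fetchall()


def demo():
    """An org-a user asks for record 3, which belongs to org-b."""
    conn = build_db()
    session_a = {"user": "admin@org-a", "tenant_id": "org-a"}  # set at login
    leaked = get_contact_unscoped(conn, 3)     # org-b's row comes back
    blocked = get_contact(conn, session_a, 3)  # None: exists, but not ours
    own = get_contact(conn, session_a, 1)      # our own row is still readable
    return leaked, blocked, own, list_contacts(conn, session_a)


if __name__ == "__main__":
    print(demo())
```

The point of the scoped version is that the tenant filter is not optional: it is added from the session in every data-access function, so a developer writing a new page cannot forget it in the way the unscoped lookup does.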

As with modern network managers, cloud systems typically let an organizational system administrator further govern the user list: you can restrict the locations (IP address ranges) a user may log in from, the time of day, and other rules. Cloud environments should make these rules--as well as the login history of each user--visible to the system administrator(s) of the account (including you) at all times, so that a login from an unexpected address or hour stands out. The systems also enforce password strength rules and can require periodic resets.

When someone leaves the company/organization, the administrator should be able to simply deactivate their user name. This immediately locks them out. Deactivated users in some systems can remain in your account without counting against licensing, which means that records of work and activity remain even after the user is locked out. A bulk transfer of record ownership from the departed user to a new user is a handy feature to use once the user is deactivated.
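The administrative controls in the two paragraphs above (login restricted by IP range and time of day, a login history the administrator can review, immediate deactivation that keeps the user's history, and bulk ownership transfer afterwards) fit together as one small policy engine. The following is an added example written for this page, not code from the original post or from any vendor; the users, IP ranges, hours, record list and login events are all constructed sample data, and the class and method names are this example's own.

```python
"""Per-organization login restrictions, login history, deactivation and
ownership transfer. Added example; not code from the original post or from any
vendor. All users, networks, hours and events below are constructed."""
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class LoginPolicy:
    """Where and when a user may log in. Empty allowed_networks means any address."""
    allowed_networks: list = field(default_factory=list)  # CIDR strings
    allowed_hours: tuple = (0, 24)                         # [start, end) local hour


@dataclass
class User:
    username: str
    policy: LoginPolicy
    active: bool = True


class TenantDirectory:
    """One organization's user list plus the login history its admin can review."""

    def __init__(self, users):
        self.users = {u.username: u for u in users}
        self.login_history = []  # (timestamp, username, ip, decision)

    def evaluate_login(self, username, ip, when):
        """Decide one login attempt and record it, allowed or not."""
        user = self.users.get(username)
        if user is None or not user.active:
            decision = "deny: no active user"
        else:
            decision = self._check_policy(user.policy, ip, when)
        self.login_history.append((when.isoformat(), username, ip, decision))
        return decision == "allow"

    @staticmethod
    def _check_policy(policy, ip, when):
        addr = ipaddress.ip_address(ip)
        if policy.allowed_networks and not any(
            addr in ipaddress.ip_network(n) for n in policy.allowed_networks
        ):
            return f"deny: {ip} outside allowed networks"
        start, end = policy.allowed_hours
        if not start <= when.hour < end:
            return f"deny: hour {when.hour} outside {start}-{end}"
        return "allow"

    def deactivate(self, username):
        """Lock the account immediately; the user object and its history are kept."""
        self.users[username].active = False

    def transfer_ownership(self, records, old_owner, new_owner):
        """Bulk-reassign records owned by a departed user to an active one.
        Refuses while old_owner is still active so the lockout happens first."""
        if self.users[old_owner].active:
            raise ValueError("deactivate the departing user before transferring records")
        if not self.users[new_owner].active:
            raise ValueError("new owner must be an active user")
        moved = 0
        for rec in records:
            if rec["owner"] == old_owner:
                rec["owner"] = new_owner
                moved += 1
        return moved


def demo():
    """Constructed scenario: 'pat' may log in only from the office range during
    office hours; 'sam' is unrestricted. Then pat leaves the organization."""
    office = LoginPolicy(allowed_networks=["203.0.113.0/24"], allowed_hours=(8, 18))
    d = TenantDirectory([User("pat", office), User("sam", LoginPolicy())])
    records = [{"id": 1, "owner": "pat"}, {"id": 2, "owner": "sam"}, {"id": 3, "owner": "pat"}]
    results = [
        d.evaluate_login("pat", "203.0.113.10", datetime(2011, 1, 10, 9, 30)),  # allowed
        d.evaluate_login("pat", "198.51.100.7", datetime(2011, 1, 10, 9, 30)),  # off-network
        d.evaluate_login("pat", "203.0.113.10", datetime(2011, 1, 10, 22, 0)),  # after hours
    ]
    d.deactivate("pat")
    results.append(d.evaluate_login("pat", "203.0.113.10", datetime(2011, 1, 11, 9, 0)))
    moved = d.transfer_ownership(records, "pat", "sam")
    return results, moved, records, d.login_history


if __name__ == "__main__":
    for line in demo()[3]:
        print(*line)
```

Two design points worth noting: denied attempts are written to the history as well as successes, since a burst of off-network denials is exactly what an administrator wants to see; and ownership transfer refuses to run until the departing user is deactivated, so the lockout cannot be skipped by accident.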

Add-on tools to cloud services also need to be secure. Sometimes people ask me if they can "see" their cloud data directly using ODBC, as they might have with MySQL or SQL Server behind a traditional website. Generally they cannot: you reach the data through the vendor's API rather than a raw database connection. To hold things together securely, public cloud services typically require add-ons for email, event registration, as well as your own custom pages, to present an additional credential beyond user name and password. Salesforce, for example, issues each user a long, random "security token" that an add-on must supply along with the password when it connects over the encrypted API from an address outside the organization's trusted IP ranges.

How much security responsibility do you want to have in the era of WikiLeaks?

Another element of cloud-system security has to do with browser standardization. When you create or update your public website, you can still opt to have the developer support older, insecure browsers like Internet Explorer 6. The developer won't be happy, but it can be done. Cloud systems typically set minimum standards for the encrypted (SSL/TLS) browser connections they will accept, which may frustrate users on older computers that haven't been updated, yet it adds protection and ensures that organizational data travels encrypted.

Cloud environments also enable centralized treatment. Every week there are new threats to computer systems. These threats could potentially affect cloud systems too, but the difference is that it is the cloud vendor's job to make the patches, and when they do, they do it in one place for all customers. Everywhere else, you have to worry about when patches will be applied, who will do it, and whether they will break your customizations. Cloud vendors like Salesforce roll out pre-announced major upgrades on a fixed schedule (Salesforce ships three a year) in organized fashion, while applying security patches as needed in between.

A different security issue concerns how much you can trust a cloud vendor to maintain the confidentiality and privacy of the data you entrust to it. This is a consideration with any software any of us uses these days. We live in an era of WikiLeaks, apparent semi-official Chinese theft of Google and Adobe data, attacks attributed to Israel on Iranian nuclear facility networks, and newly intrusive data mining by US authorities.